Recruitment (Privacy) Notice

1. Introduction

1.1 In this Recruitment (Privacy) Notice, ‘SPPA’ refers to Security and Property Protection Agency Co Ltd and all the words and expressions used in this Recruitment (Privacy) Notice shall be interpreted and construed in line with the definitions used in SPPA’s General Data Protection Policy.

1.2 This Recruitment (Privacy) Notice should be read and interpreted in conjunction with and subject to SPPA’s General Data Protection Policy that governs all the personal data processing activities of SPPA.

1.3 This Recruitment (Privacy) Notice is relevant to all persons who apply or are likely to apply for a job at SPPA and whose personal data may be collected by SPPA, whether by automated or non-automated means, in line with the
requirements of the Mauritius Data Protection Act 2017 (‘DPA’).

2. Responsibilities

2.1 SPPA will ensure that this Recruitment (Privacy) Notice is brought to the knowledge of all persons who apply or are likely to apply for jobs at SPPA in order to provide to the said persons with all relevant information pertaining to the collection/processing of their personal data when they apply for jobs at SPPA.

2.2 SPPA has ensured that all its relevant préposés who interact or otherwise deal with the personal data of job applicants are responsible for ensuring that:

2.2.1 this Recruitment (Privacy) Notice is drawn to the attention of the applicants when processing the latter’s personal data; and

2.2.2 they obtain the consent of the said applicants prior to the processing of their data wherever consent is required under the DPA.

3. Privacy Statement

3.1 What personal data of job applicants does SPPA process?

3.1.1 The personal data SPPA is likely to collect from job applicants and process is:

(a) Name;

(b) Date of Birth;

(c) Address;

(d) Telephone numbers;

(e) Email address;

(f) NIC or Passport number;

(g) Qualifications, CV and professional/personal referees.

3.1.2 All the personal data SPPA collects from job applicants will be used for the purpose of assessing the suitability of the applicant for the job applied for. And should the applicant be successful in its application and that SPPA offers him or her the job, SPPA will collect all personal data that are necessary for the preparation of a contract of employment.

3.1.3 In any event, SPPA is committed to ensuring that the information it collects and uses is appropriate for the purpose for which it was collected, and does not constitute an invasion of the applicants’ privacy.

3.1.4 SPPA’s aim is not to be intrusive, and SPPA undertakes not to ask irrelevant or unnecessary questions. Moreover, the personal information collected from the applicants will be subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure.

3.2 Consent

3.2.1 SPPA will ask and obtain explicit written consent from job applicants before processing any special categories of personal data on them.

3.2.2 Special categories of personal data is information about racial origin, ethnic origin, political opinion, religious belief, philosophical belief, trade union membership, genetic data, biometric data, health data, criminal record, data concerning sex life and/or sexual orientation.

3.2.3 Where asking special categories of personal data from job applicants, SPPA will always tell them why and how the information will be used.

3.2.4 As a rule, SPPA will not ask job applicants information about their special categories personal data save and except when it is necessary to assess whether the applicant is medically fit for the job applied for and/or where the applicant’s criminal record is relevant given the nature of the job applied for.

3.2.5 When applicants have been requested to and do submit written explicit consent, they will be informed that they have the right to withdraw their consent at any time by informing SPPA and/or SPPA’s Data Protection Officer in writing of their wishes to withdraw their consent without having to assign any reason for their decisions.

3.2.6 SPPA may exceptionally process special categories personal data of job applicants without their explicit written consent if such processing is required by law, for compliance with a Court order, for determining whether the said applicants are medically fit for the jobs applied for, for protecting the legitimate interests of SPPA should the latter need to defend civil claims including but not limited to complaints instituted under the Equal Opportunities Act 2008 or where the information is already in the public domain.

3.3 Disclosure and transfer

3.3.1 SPPA may pass on personal data of job applicants to third-party service providers contracted to SPPA for specific purposes (e.g. recruitment agencies). Any third parties, with whom SPPA may share personal data of job applicants, are obliged to keep the same securely, and to use them only to fulfil the service they provide to SPPA. When they no longer need the said data to fulfil this service, they will dispose of the details in line with SPPA’s procedures.

3.3.2 Save and except as provided at clause 3.3.1 above, SPPA will not pass on the personal data of job applicants to third parties unless such disclosure is necessary for the processing activities of SPPA in furtherance of a contractual relationship to which SPPA and the said applicants are privy.

3.3.3 As a rule, SPPA will not transfer the personal data of job applicants to another country or to another company within SPPA’s group unless the applicants have so requested.

3.3.4 Furthermore, SPPA will not transfer the personal data of job applicants to a different country without having carried out an adequacy test as explained in SPPA’s General Data Protection Policy and informed the applicants concerned about the adequacy of protection afforded to the personal data in that country, owing to the absence of appropriate safeguards.

3.4 Report of Breach

Whenever SPPA is on notice that a breach of personal data has been committed or reasonably suspects that a breach of personal data is likely to be committed, SPPA  shall as soon as reasonably practicable inform the relevant supervisory authority about the same. The job applicant concerned shall also be informed about the same especially where such a breach is likely to impact on the rights and freedoms of the said applicant.

3.5 Retention Period

3.5.1 Subject to paragraph 3.5.2 below, SPPA will process and store the personal data of job applicants for no longer that is required for the purpose for which it is initially collected.

3.5.2 Notwithstanding paragraph 3.5.1 above, SPPA may store the personal data of job applicants for such period as may be necessary for SPPA’s compliance with legal obligations and for SPPA’s legitimate interests such as the defense by SPPA of legal claims that may be brought against it.

3.6 Rights of job applicants

At any point while SPPA is in possession of or processing the personal data of job applicants, the latter shall have the following rights:

3.6.1 Right of access – a job applicant has the right to request a copy of the information that SPPA holds about him or her.

3.6.2 Right of rectification – a job applicant has the right to correct data that SPPA holds about him or her that is inaccurate or incomplete.

3.6.3 Right to be forgotten – in certain circumstances a job applicant can ask for the data SPPA holds about him or her to be erased from its records save and except if the retention of the data is necessary by law and/or necessary for the legitimate interests of SPPA (e.g. retention of 10 years in order to defend possible civil claims that can be brought within the civil prescription time- line).

3.6.4 Right to restriction of processing – where certain conditions apply, a job applicant has a right to restrict the processing.

3.6.5 Right of portability – a job applicant has the right to have the data SPPA holds about him or her transferred to another organisation.

3.6.6 Right to object – a job applicant has the right to object to certain types of processing.

3.6.7 Right to object to automated processing – a job applicant also has the right not to be subject to the legal effects of automated processing.

3.6.8 Right to judicial review: in the event that SPPA refuses to accede to a request under rights of access, SPPA will provide a reason as to why. In such as case, the job applicant has the right to complain as outlined in clause 3.7 below.

3.7 Complaints

3.7.1 In the event that a job applicant wishes to make a complaint about how his or her personal data is being processed by SPPA, or how his or her requests under clause 3.6 above have been handled, the applicant has the right to lodge a complaint directly with the relevant supervisory authority and SPPA’s Data Protection Officer.

3.7.2 The supervisory authority in Mauritius is the Data Commissioner of the
Mauritius Data Protection Office whose contact details are as follows:

Postal address: Data Protection Office

Level 5, SICOM Tower

Wall Street

Ebène Cyber City, Ebène

Mauritius

Email address:  dpo@govmu.org

Telephone number: +230 460 0251

Facsimile number: +230 489 7341

 

3.7.3 The contact details of SPPA’s duly appointed Data Protection Officer are as follows:

Data Protection Officer

Postal address: Caudan Security Services Headquarters

Old Post Office Road

St Pierre 81406

Mauritius

Email address: dpo@caudansecurity.com

Telephone number: +230 403 5000

Facsimile number: +230 433 2022

3.8 What does SPPA hold about job applicants?

3.8.1 At any point in time, job applicants can find out the personal data that the SPPA holds about them.

3.8.2 Upon a written request being received from a job applicant, SPPA can confirm what information it holds about that applicant and how it is processed.

3.8.3 Where SPPA holds personal data about a job applicant, the latter can request the following information from SPPA:

• Identity and the contact details of the person or organisation that has determined how and why to process that data.

• The purpose of the processing as well as the legal basis for processing.

• If the processing is based on the legitimate interests of SPPA or a third
party, information about those interests.

• The categories of personal data collected, stored and processed.

• Recipient(s) or categories of recipients that the data is/will be
disclosed to.

• If SPPA intends to transfer the personal data to a third country or international organisation, information about how SPPA ensures this is done securely. Please note that supervisory authorities in the European Union have approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, SPPA will ensure there are specific measures in place to secure the data by carrying out an adequacy test as explained in SPPA’s General Data Protection Policy.

• How long the data will be stored.

• Details of about rights to correct, erase, restrict or object to such processing.

• Information about the right to withdraw consent at any time.

• How to lodge a complaint with the relevant supervisory authority.

• Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the job applicant is obliged to provide the personal data and the possible consequences of failing to provide such data.

• The source of personal data if it wasn’t collected directly from the job applicant.

• Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

3.8.4 When making a written request to SPPA pursuant to this clause 3.8, the job applicant will need to provide to SPPA an appropriate form of ID in order to access to the information set out at paragraph 3.8.3 above. An appropriate form of ID is either a National Identity Card or a passport (provided the same has not expired).

 

Ownership and Authorisation

Security and Property Protection Agency Co Ltd is the owner of this document.

This document and all other related documents referred to herein may, from time to time, be reviewed in line with any changes in the law.

This Recruitment (Privacy) Notice has been duly approved by the Board of Directors of Security and Property Protection Agency Co Ltd on 16th June 2020.

By order of the Board of Directors of Security and Property Protection Agency Co Ltd.

Made in good faith on 16th June 2020 at Old Post Office Road, St Pierre 81406, Republic of
Mauritius.